From 715933a3d3d1023df0d77c1765850e8579b84dfc Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 14 Dec 2011 10:23:30 +0100 Subject: [PATCH] s3:smbd: split ID_CACHE_* message handling into parent and child parts metze --- source3/Makefile.in | 2 +- source3/smbd/msg_idmap.c | 174 --------------------------------------- source3/smbd/process.c | 111 +++++++++++++++++++++++++ source3/smbd/proto.h | 4 - source3/smbd/server.c | 49 ++++++++++- source3/wscript_build | 2 +- 6 files changed, 161 insertions(+), 181 deletions(-) delete mode 100644 source3/smbd/msg_idmap.c diff --git a/source3/Makefile.in b/source3/Makefile.in index b0c17f6cff0..1389293ad8d 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -914,7 +914,7 @@ AUTH_OBJ = auth/auth.o @AUTH_STATIC@ auth/auth_util.o auth/token_util.o \ MANGLE_OBJ = smbd/mangle.o smbd/mangle_hash.o smbd/mangle_hash2.o -SMBD_OBJ_MAIN = smbd/server.o smbd/server_exit.o smbd/msg_idmap.o +SMBD_OBJ_MAIN = smbd/server.o smbd/server_exit.o BUILDOPT_OBJ = smbd/build_options.o diff --git a/source3/smbd/msg_idmap.c b/source3/smbd/msg_idmap.c deleted file mode 100644 index 757cac0e3f7..00000000000 --- a/source3/smbd/msg_idmap.c +++ /dev/null @@ -1,174 +0,0 @@ -/* - * Samba Unix/Linux SMB client library - * - * Copyright (C) Gregor Beck 2011 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -#include "includes.h" -#include "smbd/globals.h" -#include "smbd/smbd.h" -#include "../libcli/security/dom_sid.h" -#include "../libcli/security/security_token.h" -#include "idmap_cache.h" -#include "passdb/lookup_sid.h" -#include "auth.h" -#include "messages.h" -#include "lib/id_cache.h" - -static bool uid_in_use(const struct user_struct *user, uid_t uid) -{ - while (user) { - if (user->session_info && - (user->session_info->unix_token->uid == uid)) { - return true; - } - user = user->next; - } - return false; -} - -static bool gid_in_use(const struct user_struct *user, gid_t gid) -{ - while (user) { - if (user->session_info != NULL) { - int i; - struct security_unix_token *utok; - - utok = user->session_info->unix_token; - if (utok->gid == gid) { - return true; - } - for(i=0; ingroups; i++) { - if (utok->groups[i] == gid) { - return true; - } - } - } - user = user->next; - } - return false; -} - -static bool sid_in_use(const struct user_struct *user, - const struct dom_sid *psid) -{ - while (user) { - struct security_token *tok; - - if (user->session_info == NULL) { - continue; - } - tok = user->session_info->security_token; - if (tok == NULL) { - /* - * Not sure session_info->security_token can - * ever be NULL. This check might be not - * necessary. - */ - continue; - } - if (security_token_has_sid(tok, psid)) { - return true; - } - user = user->next; - } - return false; -} - -static bool id_in_use(const struct user_struct *user, - const struct id_cache_ref *id) -{ - switch(id->type) { - case UID: - return uid_in_use(user, id->id.uid); - case GID: - return gid_in_use(user, id->id.gid); - case SID: - return sid_in_use(user, &id->id.sid); - default: - break; - } - return false; -} - -static void id_cache_kill(struct messaging_context *msg_ctx, - void *private_data, - uint32_t msg_type, - struct server_id server_id, - DATA_BLOB* data) -{ - const char *msg = (data && data->data) - ? (const char *)data->data : ""; - struct smbd_server_connection *sconn; - struct user_struct *validated_users; - struct id_cache_ref id; - - sconn = msg_ctx_to_sconn(msg_ctx); - if (sconn == NULL) { - DEBUG(1, ("could not find sconn\n")); - return; - } - - validated_users = sconn->smb1.sessions.validated_users; - - if (!id_cache_ref_parse(msg, &id)) { - DEBUG(0, ("Invalid ?ID: %s\n", msg)); - return; - } - - if (am_parent) { - messaging_send_to_children(msg_ctx, msg_type, data); - } - - if (id_in_use(validated_users, &id)) { - exit_server_cleanly(msg); - } - id_cache_delete_from_cache(&id); -} - -static void id_cache_flush(struct messaging_context *ctx, - void* data, - uint32_t msg_type, - struct server_id srv_id, - DATA_BLOB* msg_data) -{ - id_cache_flush_message(ctx, data, msg_type, srv_id, msg_data); - - if (am_parent) { - messaging_send_to_children(ctx, msg_type, msg_data); - } -} - -static void id_cache_delete(struct messaging_context *ctx, - void* data, - uint32_t msg_type, - struct server_id srv_id, - DATA_BLOB* msg_data) -{ - id_cache_delete_message(ctx, data, msg_type, srv_id, msg_data); - - if (am_parent) { - messaging_send_to_children(ctx, msg_type, msg_data); - } -} - - -void msg_idmap_register_msg(struct messaging_context *ctx) -{ - messaging_register(ctx, NULL, ID_CACHE_FLUSH, id_cache_flush); - messaging_register(ctx, NULL, ID_CACHE_DELETE, id_cache_delete); - messaging_register(ctx, NULL, ID_CACHE_KILL, id_cache_kill); -} diff --git a/source3/smbd/process.c b/source3/smbd/process.c index b3e4d0d9fbb..e57faf19782 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -36,6 +36,9 @@ #include "rpc_server/spoolss/srv_spoolss_nt.h" #include "libsmb/libsmb.h" #include "../lib/util/tevent_ntstatus.h" +#include "../libcli/security/dom_sid.h" +#include "../libcli/security/security_token.h" +#include "lib/id_cache.h" extern bool global_machine_password_needs_changing; @@ -2960,6 +2963,109 @@ static NTSTATUS smbd_register_ips(struct smbd_server_connection *sconn, #endif +static bool uid_in_use(const struct user_struct *user, uid_t uid) +{ + while (user) { + if (user->session_info && + (user->session_info->unix_token->uid == uid)) { + return true; + } + user = user->next; + } + return false; +} + +static bool gid_in_use(const struct user_struct *user, gid_t gid) +{ + while (user) { + if (user->session_info != NULL) { + int i; + struct security_unix_token *utok; + + utok = user->session_info->unix_token; + if (utok->gid == gid) { + return true; + } + for(i=0; ingroups; i++) { + if (utok->groups[i] == gid) { + return true; + } + } + } + user = user->next; + } + return false; +} + +static bool sid_in_use(const struct user_struct *user, + const struct dom_sid *psid) +{ + while (user) { + struct security_token *tok; + + if (user->session_info == NULL) { + continue; + } + tok = user->session_info->security_token; + if (tok == NULL) { + /* + * Not sure session_info->security_token can + * ever be NULL. This check might be not + * necessary. + */ + continue; + } + if (security_token_has_sid(tok, psid)) { + return true; + } + user = user->next; + } + return false; +} + +static bool id_in_use(const struct user_struct *user, + const struct id_cache_ref *id) +{ + switch(id->type) { + case UID: + return uid_in_use(user, id->id.uid); + case GID: + return gid_in_use(user, id->id.gid); + case SID: + return sid_in_use(user, &id->id.sid); + default: + break; + } + return false; +} + +static void smbd_id_cache_kill(struct messaging_context *msg_ctx, + void *private_data, + uint32_t msg_type, + struct server_id server_id, + DATA_BLOB* data) +{ + const char *msg = (data && data->data) + ? (const char *)data->data : ""; + struct user_struct *validated_users; + struct id_cache_ref id; + struct smbd_server_connection *sconn = + talloc_get_type_abort(private_data, + struct smbd_server_connection); + + validated_users = sconn->smb1.sessions.validated_users; + + if (!id_cache_ref_parse(msg, &id)) { + DEBUG(0, ("Invalid ?ID: %s\n", msg)); + return; + } + + if (id_in_use(validated_users, &id)) { + exit_server_cleanly(msg); + } + id_cache_delete_from_cache(&id); +} + /**************************************************************************** Process commands from the client ****************************************************************************/ @@ -3143,6 +3249,11 @@ void smbd_process(struct tevent_context *ev_ctx, messaging_register(sconn->msg_ctx, sconn, MSG_SMB_FILE_RENAME, msg_file_was_renamed); + id_cache_register_msgs(sconn->msg_ctx); + messaging_deregister(sconn->msg_ctx, ID_CACHE_KILL, NULL); + messaging_register(sconn->msg_ctx, sconn, + ID_CACHE_KILL, smbd_id_cache_kill); + /* * Use the default MSG_DEBUG handler to avoid rebroadcasting * MSGs to all child processes diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index 0123e7dffb1..2fd59a1f471 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h @@ -1182,8 +1182,4 @@ NTSTATUS vfs_streaminfo(connection_struct *conn, void *avahi_start_register(TALLOC_CTX *mem_ctx, struct tevent_context *ev, uint16_t port); -/* The following definitions come from smbd/msg_idmap.c */ - -void msg_idmap_register_msg(struct messaging_context *ctx); - #endif /* _SMBD_PROTO_H_ */ diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 07d2b3ebff4..7e1bddd23bf 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -230,6 +230,48 @@ static void smbd_msg_debug(struct messaging_context *msg_ctx, messaging_send_to_children(msg_ctx, MSG_DEBUG, data); } +static void smbd_parent_id_cache_kill(struct messaging_context *msg_ctx, + void *private_data, + uint32_t msg_type, + struct server_id server_id, + DATA_BLOB* data) +{ + const char *msg = (data && data->data) + ? (const char *)data->data : ""; + struct id_cache_ref id; + + if (!id_cache_ref_parse(msg, &id)) { + DEBUG(0, ("Invalid ?ID: %s\n", msg)); + return; + } + + id_cache_delete_from_cache(&id); + + messaging_send_to_children(msg_ctx, msg_type, data); +} + +static void smbd_parent_id_cache_flush(struct messaging_context *ctx, + void* data, + uint32_t msg_type, + struct server_id srv_id, + DATA_BLOB* msg_data) +{ + id_cache_flush_message(ctx, data, msg_type, srv_id, msg_data); + + messaging_send_to_children(ctx, msg_type, msg_data); +} + +static void smbd_parent_id_cache_delete(struct messaging_context *ctx, + void* data, + uint32_t msg_type, + struct server_id srv_id, + DATA_BLOB* msg_data) +{ + id_cache_delete_message(ctx, data, msg_type, srv_id, msg_data); + + messaging_send_to_children(ctx, msg_type, msg_data); +} + static void add_child_pid(struct smbd_parent_context *parent, pid_t pid) { @@ -768,7 +810,12 @@ static bool open_sockets_smbd(struct smbd_parent_context *parent, messaging_register(msg_ctx, NULL, MSG_SMB_BRL_VALIDATE, brl_revalidate); - msg_idmap_register_msg(msg_ctx); + messaging_register(msg_ctx, NULL, + ID_CACHE_FLUSH, smbd_parent_id_cache_flush); + messaging_register(msg_ctx, NULL, + ID_CACHE_DELETE, smbd_parent_id_cache_delete); + messaging_register(msg_ctx, NULL, + ID_CACHE_KILL, smbd_parent_id_cache_kill); #ifdef CLUSTER_SUPPORT if (lp_clustering()) { diff --git a/source3/wscript_build b/source3/wscript_build index b07539f7f64..4fe432bf501 100755 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -339,7 +339,7 @@ WINBINDD_SRC = '''${WINBINDD_SRC1} MANGLE_SRC = '''smbd/mangle.c smbd/mangle_hash.c smbd/mangle_hash2.c''' -SMBD_SRC_MAIN = '''smbd/server.c smbd/msg_idmap.c''' +SMBD_SRC_MAIN = '''smbd/server.c''' BUILDOPT_SRC = '''smbd/build_options.c''' -- 2.34.1